• Welcome to Valhalla Legends Archive.
 

Simple Message Spoofer

Started by Networks, July 01, 2005, 12:58 PM

Networks

I am not sure where this can go so I'll stick it in here and you can move it around to wherever it may need to go.

My question is how do I defeat DMA? I want to find the static address so I can type text in the in-game text area. I can find the DMA using ArtMoney; however, I am stumped on how to find a static address. Some addresses I've received are: 02500094, 02600094; the pattern is 0x94 at the end always. Any hints, help, or solutions are appreciated. I don't want someone to just GIVE me the static address; I want someone to explain it or give me hints. Thank you.

Blaze

That pattern is always 00094 not just 94.  My colorhack just loops through checking each one for the value of 'start'.

example:

for(i = 0x1000094; i <= 0xFF00094; i += 0x10000)
{
    ReadProcessMemory(prcHandle, (LPVOID)i, &strTemp, 5, NULL);
    if (strcmp(strTemp, "start") == 0)
    {
        memLocation = i;
        WriteProcessMemory(prcHandle, (LPVOID)memLocation, "Found", 5, NULL);
    }
}

Networks

Quote from: Blaze on July 01, 2005, 02:14 PM
That pattern is always 00094 not just 94.  My colorhack just loops through checking each one for the value of 'start'.

example:

for(i = 0x1000094; i <= 0xFF00094; i += 0x10000)
{
    ReadProcessMemory(prcHandle, (LPVOID)i, &strTemp, 5, NULL);
    if (strcmp(strTemp, "start") == 0)
    {
        memLocation = i;
        WriteProcessMemory(prcHandle, (LPVOID)memLocation, "Found", 5, NULL);
    }
}


I am trying to find a workaround for that.

iago

Quote from: Blaze on July 01, 2005, 02:14 PM
That pattern is always 00094 not just 94.  My colorhack just loops through checking each one for the value of 'start'.

example:

for(i = 0x1000094; i <= 0xFF00094; i += 0x10000)
{
    ReadProcessMemory(prcHandle, (LPVOID)i, &strTemp, 5, NULL);
    if (strcmp(strTemp, "start") == 0)
    {
        memLocation = i;
        WriteProcessMemory(prcHandle, (LPVOID)memLocation, "Found", 5, NULL);
    }
}


Have you looked at the values between xx00000 and xx00094? There is a large section in there that is unique and doesn't change, so instead of looking at the string you typed in, you can just search for that value. That would automate finding the address for you.